The history of computing and network architecture can be viewed as a spectrum between a more centralized approach as demanded in a Client-Server environment and the decentralized approach of a User-to-User network. Both approaches have their strengths and weaknesses. Each approach has been used to build electronic communities and create various forms of computer services.
A simple example of a client-server environment is a website. A website is a service provided by a server (specifically, a web server). Computing devices can access the website by connecting to the server through a network connection (via the Internet or through a local area network). One problem associated with Client-Server environments is that the server and the bandwidth required to service the number of request must also be able to scale with the growth of the number of clients.
User-to-user networks are a type of network in which each computing device connected to the network has equivalent capabilities and responsibilities. User-to-user networks are generally simpler, but they usually do not offer the same performance under heavy loads. Examples of User-to-User networks are file sharing networks such as Napster (http://www.napster.com), E-donkey (http://www.edonkey2000.com) or Kazaa (http://www.kazaa.com). Each of these services allow for direct connections between individual computing devices in the network to exchange files. The problem associated with User-to-User networks involves the lack of security, control and authenticity of the requested files. There are no limits on access to these networks and therefore users have no way to ascertain the quality or source of the received file.
A mixed Client-server and User-to-User system can be developed. For example, Fanning et al. (2002), created a centralized database to locate resources within a user-to-user network. However, Fanning et al. does not address the problems of security or control.
This present invention provides a solution to the problems of scalability of Client-Server environments and the security problems associated with User-to-User computing. The present invention uses a Client-Server environment to identify, authenticate and control the access to a User-to-User network. In addition, this invention applies the ideas of predefined social relationships to the access control of the user-to-user network to create a flexible and secure network.
The importance of social relationships and social networks were publicly recognized by Milgram (1967). A theory, known as the “Six degrees of separation” or “The Small World Problem”, suggests that anyone on the planet can be connected to any other person on the planet through a chain of acquaintances that has no more than five intermediaries. Based on this idea, Weinreich, et al. (2001) created a process to build a database of linkages, and Quinn (2002) created a process to modify directory structures. However, neither Weinreich et al. (2001) nor Quinn (2002) deal with the issues of creating a flexible network based on the concept of social relationships in a user-to-user computing environment and do not address the issue of identification and authentication when accessing network services.
The key element in the establishment of a social network is the implicit understanding of the concept of “trust” between known users of a social network. Trust is defined in Merriam-Webster's Dictionary as “assured reliance on the character, ability, strength, or truth of someone or something”. The nature of trust has proved to be elusive and been discuss extensively in the context of philosophy. The practical implication of trust can explained using game theory, human physiology and psychology and forms the basis of corporate strategy, and economics and sociology.
In the Republic (Plato, 390 BC), Plato suggests that trust exists because of the rules governing the transaction and the fear of punishment for disobedience. In this world view, self interest is the major component of trust. In contrast, other worldviews introduce the properties of innate goodness of humanity, sympathy or shared morality as the basis for trust. A clearer understanding of trust can be found in terms of applications and its impact on human transaction.
Strategic interactions among humans can be described using mathematics. This was first demonstrated by Von Neumann in 1944 in the field of game theory. In game theory, it can be shown that there is optimum strategy for dealing with a given situation or confrontation and the strategy depends on the goals of rational participants. For example, there are different strategies depending on whether one's objective is to maximize the probability of achieving a goal, maximizing one's gains, minimizing one's losses or risk, or ensuring that one's opponent(s) suffers the greatest damage. A classical example of game theory is known as the “Prisoners' Dilemma” (Tucker, 1950) which established the value of trust among participants. In this problem, the best possible outcome for the group as a whole occurs if each user trusts each other. In contrast, the worst possible results for the group occur when each user acts in their own interest.
Social organizations both formal and informal are a trait shared by all human beings. Every member of a society exists within a network of pre-existing relationships of trust. Interaction between relatives, family and kin can be explained based on a biological imperative. By including the element of trust to the psychological development of man, explanation of human interactions can be extended to friends and other users within a group, businesses, community and even nations. The key elements required for trust in a sociological context includes an expectation of future cooperation and a sense of reciprocity.
Trust is also recognized as a valuable component of business strategy. Trust exists within the human behaviour spectrum of confidence (result of specific knowledge built on reason and facts) and faith (belief that is largely immune to contradictory information or events). Trust for an individual can be characterized as a belief that those on whom we depend will fulfill our expectations of them. In a sense, therefore, predictability of behaviour engenders trust. For individuals, varying levels of trust can be established based on fulfilling expectations, acting with integrity and being empathetic.
The concept of trust is also a key element in the theories of macro-economics. In this context, trust can be characterized as an expectation within a community that users of the community will exhibit regular, honest, and cooperative behaviour, based on commonly shared norms. The existence of trust creates social capital, which in turn determines the size of firms, businesses and even economies. Therefore, it is known that one skilled in the art would appreciate that communities of individuals exist where the level of trust accorded to members of that community is greater than that given to the public at large based on the criterion of membership to that community. This could apply to a boy scout troupe, a sports group, a family, to citizens living in a small town or county or even to groups based on ethnicity, race, language, religion or other criteria where a higher level of trust is given to members of the community than to the general public.
The novelty in this invention is the realization that acceptable social behaviour or trust can be codified as a criterion and used to create a security rule, and through its implementation can create a secure electronic community. For example, the simple criterion of “I trust my friends and allow them access to my computing device” can be extended to include “I trust friends of my friends and allow them access” and this logic can be extended recursively until the list of friends and extended friends are exhausted. In this case, the criteria also include the degree of separation between the members of the community. A user might be willing to trust the friends of their trusted friends but not their friend's friend's friend. The underlying social expectation, a friend's trust, forms the security rule for this network. The trust that forms the basis of social relationships can also be found in the workplace. In these cases, the implicit trust is based on the roles of an individual. For example, the CEO of a company allows the vice presidents permission to access a company resource. The vice presidents can allow their managers access to the same resource without the intervention of the CEO or another central administrator. The implications for this type of network are that each user, through his/her role within an organization, is responsible and can make resource access decisions. This role-based trust can once again form the basis of the security rule for establishing the network.
As a result, the present invention provides a new approach to connecting computing devices and allows them to interact based on a secure and acceptable manner which is based on the roles and social connections of the users. The reach and extent of the resulting network can be adjusted according to the preference of the user.